summaryrefslogtreecommitdiffstats
path: root/manifests/profile/pacemaker/cinder/volume.pp
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-15 19:02:42 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-16 08:07:00 +0300
commit5222b8d920d5b5b2e87004c10808b6bea597720a (patch)
tree94973cce0cbceb7974e6ced1aa8f30cb69fccebd /manifests/profile/pacemaker/cinder/volume.pp
parentc2e6be9a35e3c703f200f42a1e11a409ee358f76 (diff)
Remove extra keystone admin haproxy listen and allow TLS
The current code exposes an unused public listen directive in HAProxy for the keystone admin endpoint. This is not ideal and should be removed, as it exposes the service unnecessarily. We should stick to just exposing it to the ctlplane network as is the default. If folks really need to expose it to the public network, they can do so by modifying the ServiceNetMap through t-h-t and setting the keystone admin endpoint's network to external. Now, for "single" or "internal" haproxy endpoints, this adds the ability to detect if they're using the external network, and thus use TLS on it. Which is something a deployer would want if they exposed the keystone admin endpoint in such a way. Change-Id: I79563f62fd49a4f7654779157ebda3c239d6dd22 Closes-Bug: #1710909 Closes-Bug: #1639996
Diffstat (limited to 'manifests/profile/pacemaker/cinder/volume.pp')
0 files changed, 0 insertions, 0 deletions